Your Boss Just Emailed You - or Did They? Founder Impersonation Scams on The Rise in Malaysia

Digital
5 Mar 2025 • 4:00 PM MYT
Shelina Winthya
Shelina Winthya

Social media girlie, heart-led writer.

image is not available
Source: AI ChatGPT

In today's fast-paced digital landscape, cybercriminals are continually refining their methods to exploit businesses and individuals. A particularly alarming tactic growing in popularity is "Founder Email Impersonation," where attackers pose as company founders or high-ranking executives to deceive employees into unveiling protected details or transferring funds.

Understanding Founder Email Impersonation

Founder email impersonation is a sophisticated phishing scam in which attackers meticulously replicate the email address, tone, and writing style of a company's founder or executive. These counterfeit emails are crafted to appear legitimate, often employing slight variations in the sender's address that can easily go unnoticed. The primary objective is to manipulate recipients into executing urgent tasks, such as transferring funds, sharing confidential data, or granting access to sensitive systems.

The Mechanics of the Scam

Cybercriminals act as astute researchers, delving into publicly available information on platforms like LinkedIn to gather details about company leaders and employee relationships. This intelligence enables them to construct highly convincing emails that seem to originate from trusted sources within the organization. These messages often convey a sense of urgency, citing pressing deadlines or critical meetings, and may include subtle alterations in the sender's email address to enhance their deceptive appeal.

Recognizing the Warning Signs

While these scams are increasingly sophisticated, being vigilant for certain red flags can help in identifying potential threats:

  • Anomalous Email Addresses: Carefully inspect the sender's email address for minor misspellings or unexpected domain names.
  • Unusual Urgency: Be cautious of emails demanding immediate action, especially those involving financial transactions or requests to contact personal phone numbers.
  • Requests for Sensitive Information: Exercise caution if asked to provide confidential data or access credentials via email.
  • Inconsistent Communication Style: A formal or generic tone from an executive known for a personable style may signal a fraudulent attempt.

Steps to Take if Targeted

If you suspect you've been targeted by a founder impersonation scam:

  • Notify Your IT Department: Immediately report the suspicious email and block the sender to prevent further attempts.
  • Review Financial Accounts: Examine accounts for unauthorized transactions or access.
  • Inform Relevant Parties: Alert employees, clients, or partners who might be affected by the breach.
  • Report the Incident: File a report with local cybercrime authorities to assist in tracking and mitigating such scams.

The Malaysian Context

In Malaysia, the prevalence of online impersonation scams is a growing concern. In 2023 alone, telecommunication-related scams—including SMS contest scams, online impersonation scams, and phone call scams—accounted for 10,348 cases, resulting in losses totaling RM352.9 million. (Mail, M. (2024, March 18). Total of 34,497 online scam cases reported, losses estimated at RM1.2b last year, Dewan Negara told. Malay Mail ; Malay Mail.)

This statistic underscores the critical need for heightened awareness and robust cybersecurity measures within Malaysian organizations.

Proactive Measures

To safeguard against such deceptive attacks, organizations should:

  • Cultivate a Culture of Cybersecurity Awareness: Regular training can help employees recognize and respond appropriately to phishing attempts.
  • Implement Strong Security Protocols: Utilize multi-factor authentication and regularly update security systems to deter unauthorized access.
  • Encourage Vigilant Communication Practices: Promote a culture where employees feel comfortable verifying unusual requests through direct communication channels.

By adopting these proactive strategies, businesses can significantly reduce the risk of falling victim to founder impersonation scams and protect their valuable assets.

Shelina Winthya is a content creator under the Newswav Creator programme, where you get to express yourself, be a citizen journalist, and at the same time monetize your content & reach millions of users on Newswav. Log in to creator.newswav.com and become a Newswav Creator now!

The User Content (as defined on Newswav Terms of Use) above including the views expressed and media (pictures, videos, citations etc) were submitted & posted by the author. Newswav is solely an aggregation platform that hosts the User Content. If you have any questions about the content, copyright or other issues of the work, please contact Newswav.